[pmg-devel] [PATCH pmg-api 06/12] add rule attributes and/invert (for each relevant type)

[Dominik Csapak <d.csapak@proxmox.com>]

like with the objectgroups, add an attributes table for groups, and an
'and'/'invert' attribute for each relevant object type
(what/when/from/to).

This is intended to modify the behaviour for the matching regarding
object groups, so that one has more choice in the logical matching.

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
---
 src/PMG/API2/ObjectGroupHelpers.pm |   8 ++
 src/PMG/API2/Rules.pm              |  53 ++++++++-
 src/PMG/DBTools.pm                 |  15 +++
 src/PMG/RuleDB.pm                  | 169 +++++++++++++++++++++++------
 4 files changed, 209 insertions(+), 36 deletions(-)

diff --git a/src/PMG/API2/ObjectGroupHelpers.pm b/src/PMG/API2/ObjectGroupHelpers.pm
index a08a6a3..3060157 100644
--- a/src/PMG/API2/ObjectGroupHelpers.pm
+++ b/src/PMG/API2/ObjectGroupHelpers.pm
@@ -31,6 +31,14 @@ sub format_rule {
 	active => $rule->{active},
 	direction => $rule->{direction},
     };
+    my $types = [qw(what when from to)];
+    my $attributes = [qw(and invert)];
+    for my $type ($types->@*) {
+	for my $attribute ($attributes->@*) {
+	    my $opt = "${type}-${attribute}";
+	    $data->{$opt} = $rule->{$opt} if defined($rule->{$opt});
+	}
+    }
 
     $cond_create_group->($data, 'from', $from);
     $cond_create_group->($data, 'to', $to);
diff --git a/src/PMG/API2/Rules.pm b/src/PMG/API2/Rules.pm
index c48370f..1ebadc2 100644
--- a/src/PMG/API2/Rules.pm
+++ b/src/PMG/API2/Rules.pm
@@ -149,6 +149,54 @@ my $rule_params = {
 	type => 'boolean',
 	optional => 1,
     },
+    'what-and' => {
+	description => "Flag to 'and' combine WHAT group matches.",
+	type => 'boolean',
+	default => 0,
+	optional => 1,
+    },
+    'what-invert' => {
+	description => "Flag to invert WHAT group matches.",
+	type => 'boolean',
+	default => 0,
+	optional => 1,
+    },
+    'when-and' => {
+	description => "Flag to 'and' combine WHEN group matches.",
+	type => 'boolean',
+	default => 0,
+	optional => 1,
+    },
+    'when-invert' => {
+	description => "Flag to invert WHEN group matches.",
+	type => 'boolean',
+	default => 0,
+	optional => 1,
+    },
+    'from-and' => {
+	description => "Flag to 'and' combine FROM group matches.",
+	type => 'boolean',
+	default => 0,
+	optional => 1,
+    },
+    'from-invert' => {
+	description => "Flag to invert FROM group matches.",
+	type => 'boolean',
+	default => 0,
+	optional => 1,
+    },
+    'to-and' => {
+	description => "Flag to 'and' combine TO group matches.",
+	type => 'boolean',
+	default => 0,
+	optional => 1,
+    },
+    'to-invert' => {
+	description => "Flag to invert TO group matches.",
+	type => 'boolean',
+	default => 0,
+	optional => 1,
+    },
 };
 
 sub get_rule_params {
@@ -203,7 +251,10 @@ __PACKAGE__->register_method ({
 
 	my $rule = $rdb->load_rule($id);
 
-	for my $key (qw(name active direction priority)) {
+	my $keys = ["name", "priority"];
+	push $keys->@*, keys get_rule_params()->%*;
+
+	for my $key ($keys->@*) {
 	    $rule->{$key} = $param->{$key} if defined($param->{$key});
 	}
 
diff --git a/src/PMG/DBTools.pm b/src/PMG/DBTools.pm
index 0d3d9c3..605eb71 100644
--- a/src/PMG/DBTools.pm
+++ b/src/PMG/DBTools.pm
@@ -295,6 +295,18 @@ my $userprefs_ctablecmd =  <<__EOD;
 
 __EOD
 
+my $rule_attributes_cmd = <<__EOD;
+    CREATE TABLE Rule_Attributes (
+      Rule_ID INTEGER NOT NULL,
+      Name VARCHAR(20) NOT NULL,
+      Value BYTEA NULL,
+      PRIMARY KEY (Rule_ID, Name)
+    );
+
+    CREATE INDEX Rule_Attributes_Rule_ID_Index ON Rule_Attributes(Rule_ID);
+
+__EOD
+
 my $object_group_attributes_cmd = <<__EOD;
     CREATE TABLE Objectgroup_Attributes (
       Objectgroup_ID INTEGER NOT NULL,
@@ -452,6 +464,8 @@ sub create_ruledb {
 
         $virusinfo_stat_ctablecmd;
 
+        $rule_attributes_cmd;
+
         $object_group_attributes_cmd;
 EOD
     );
@@ -508,6 +522,7 @@ sub upgradedb {
 	'CStatistic', $cstatistic_ctablecmd,
 	'ClusterInfo', $clusterinfo_ctablecmd,
 	'VirusInfo', $virusinfo_stat_ctablecmd,
+	'Rule_Attributes', $rule_attributes_cmd,
 	'Objectgroup_Attributes', $object_group_attributes_cmd,
     };
 
diff --git a/src/PMG/RuleDB.pm b/src/PMG/RuleDB.pm
index df9e526..70770a8 100644
--- a/src/PMG/RuleDB.pm
+++ b/src/PMG/RuleDB.pm
@@ -665,6 +665,35 @@ sub delete_object {
     return 1;
 }
 
+sub update_rule_attributes {
+    my ($self, $rule) = @_;
+
+    my $types = [qw(what when from to)];
+    my $attributes = [qw(and invert)];
+
+    for my $type ($types->@*) {
+	for my $attribute ($attributes->@*) {
+	    my $prop = "$type-$attribute";
+
+	    # only save the values if they're set to 1
+	    if ($rule->{$prop}) {
+		$self->{dbh}->do(
+		    "INSERT INTO Rule_Attributes (Rule_ID, Name, Value) " .
+		    "VALUES (?, ?, ?) ".
+		    "ON CONFLICT (Rule_ID, Name) DO UPDATE SET Value = ?", undef,
+		    $rule->{id}, $prop, $rule->{$prop}, $rule->{$prop},
+		);
+	    } else {
+		$self->{dbh}->do(
+		    "DELETE FROM Rule_Attributes " .
+		    "WHERE Rule_ID = ? AND Name = ?", undef,
+		    $rule->{id}, $prop,
+		);
+	    }
+	}
+    }
+}
+
 sub save_rule {
     my ($self, $rule) = @_;
 
@@ -679,28 +708,53 @@ sub save_rule {
 
     my $rulename = encode('UTF-8', $rule->{name});
     if (defined($rule->{id})) {
+	$self->{dbh}->begin_work;
 
-	$self->{dbh}->do(
-	    "UPDATE Rule " .
-	    "SET Name = ?, Priority = ?, Active = ?, Direction = ? " .
-	    "WHERE ID = ?", undef,
-	    $rulename, $rule->{priority}, $rule->{active},
-	    $rule->{direction}, $rule->{id});
+	eval {
+	    $self->{dbh}->do(
+		"UPDATE Rule " .
+		"SET Name = ?, Priority = ?, Active = ?, Direction = ? " .
+		"WHERE ID = ?", undef,
+		$rulename, $rule->{priority}, $rule->{active},
+		$rule->{direction}, $rule->{id});
+
+	    $self->update_rule_attributes($rule);
 
-	return $rule->{id};
+	    $self->{dbh}->commit;
+	};
 
+	if (my $err = $@) {
+	    $self->{dbh}->rollback;
+	    syslog('err', $err);
+	    return undef;
+	}
     } else {
-	my $sth = $self->{dbh}->prepare(
-	    "INSERT INTO Rule (Name, Priority, Active, Direction) " .
-	    "VALUES (?, ?, ?, ?);");
+	$self->{dbh}->begin_work;
 
-	$sth->execute($rulename, $rule->priority, $rule->active,
-		      $rule->direction);
+	eval {
+	    my $sth = $self->{dbh}->prepare(
+		"INSERT INTO Rule (Name, Priority, Active, Direction) " .
+		"VALUES (?, ?, ?, ?);");
+
+	    $sth->execute($rulename, $rule->priority, $rule->active,
+		$rule->direction);
+
+
+	    $rule->{id} = PMG::Utils::lastid($self->{dbh}, 'rule_id_seq');
+
+	    $self->update_rule_attributes($rule);
 
-	return $rule->{id} = PMG::Utils::lastid($self->{dbh}, 'rule_id_seq');
+	    $self->{dbh}->commit;
+	};
+
+	if (my $err = $@) {
+	    $self->{dbh}->rollback;
+	    syslog('err', $err);
+	    return undef;
+	}
     }
 
-    return undef;
+    return $rule->{id};
 }
 
 sub delete_rule {
@@ -826,24 +880,58 @@ sub rule_remove_group {
     return 1;
 }
 
+sub load_rule_attributes {
+    my ($self, $rule) = @_;
+
+    my $types = [qw(what when from to)];
+    my $attributes = [qw(and invert)];
+
+    my $attribute_sth = $self->{dbh}->prepare("SELECT * FROM Rule_Attributes WHERE Rule_ID = ?");
+    $attribute_sth->execute($rule->{id});
+
+    ATTRIBUTES_LOOP:
+    while (my $ref = $attribute_sth->fetchrow_hashref()) {
+	for my $type ($types->@*) {
+	    for my $attribute ($attributes->@*) {
+		my $prop = "$type-$attribute";
+		if ($ref->{name} eq $prop) {
+		    $rule->{$prop} = $ref->{value};
+		    next ATTRIBUTES_LOOP;
+		}
+	    }
+	}
+    }
+}
+
 sub load_rule {
     my ($self, $id) = @_;
 
     defined($id) || die "undefined id: ERROR";
 
-    my $sth = $self->{dbh}->prepare(
-	"SELECT * FROM Rule where id = ? ORDER BY Priority DESC");
+    $self->{dbh}->begin_work;
 
-    my $rules = ();
+    my $rule;
 
-    $sth->execute($id);
+    eval {
+	my $sth = $self->{dbh}->prepare(
+	    "SELECT * FROM Rule where id = ? ORDER BY Priority DESC");
 
-    my $ref = $sth->fetchrow_hashref();
-    die "rule '$id' does not exist\n" if !defined($ref);
+	$sth->execute($id);
+
+	my $ref = $sth->fetchrow_hashref();
+	die "rule '$id' does not exist\n" if !defined($ref);
 
-    my $rule = PMG::RuleDB::Rule->new($ref->{name}, $ref->{priority},
-				      $ref->{active}, $ref->{direction});
-    $rule->{id} = $ref->{id};
+	$rule = PMG::RuleDB::Rule->new($ref->{name}, $ref->{priority},
+					  $ref->{active}, $ref->{direction});
+	$rule->{id} = $ref->{id};
+
+	$self->load_rule_attributes($rule);
+    };
+    my $err = $@;
+
+    $self->{dbh}->rollback;
+
+    die $err if $err;
 
     return $rule;
 }
@@ -851,22 +939,33 @@ sub load_rule {
 sub load_rules {
     my ($self) = @_;
 
-    my $sth = $self->{dbh}->prepare(
-	"SELECT * FROM Rule ORDER BY Priority DESC");
-
     my $rules = ();
 
-    $sth->execute();
+    $self->{dbh}->begin_work;
 
-    while (my $ref = $sth->fetchrow_hashref()) {
-	my $rulename = PMG::Utils::try_decode_utf8($ref->{name});
-	my $rule = PMG::RuleDB::Rule->new($rulename, $ref->{priority},
-					  $ref->{active}, $ref->{direction});
-	$rule->{id} = $ref->{id};
-	push @$rules, $rule;
-    }
+    eval {
+	my $sth = $self->{dbh}->prepare(
+	    "SELECT * FROM Rule ORDER BY Priority DESC");
 
-    $sth->finish();
+	$sth->execute();
+
+	while (my $ref = $sth->fetchrow_hashref()) {
+	    my $rulename = PMG::Utils::try_decode_utf8($ref->{name});
+	    my $rule = PMG::RuleDB::Rule->new($rulename, $ref->{priority},
+					      $ref->{active}, $ref->{direction});
+	    $rule->{id} = $ref->{id};
+	    #$self->load_rule_attributes($rule);
+
+	    push @$rules, $rule;
+	}
+
+	$sth->finish();
+    };
+    my $err = $@;
+
+    $self->{dbh}->rollback;
+
+    die $err if $err;
 
     return $rules;
 }
-- 
2.30.2